[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec SA DELETE in "dangling" implementation
Dan Harkins wrote:
>
> But what if you do always keep up an IKE SA and you just suspend your
> laptop or pull the ethernet cable out and then do a shutdown? Now I've got
> the 2 IPSec SAs and an IKE SA. This problem isn't solvable. And it seems to
> be specific to mobile host implementations with short term SAs. Since IPSec,
> and IKE, are not mobile host-specific I don't think a general purpose rule
> to do this is necessarily needed. And, as you say, no big deal.
>
> I think a nice generic keep alive function would be more useful to
> implement. Why doesn't someone write a draft on this subject?
>
> Dan.
>
This is just a hypothetical question: If we did have a keep-alive
protocol, would there remain any value in sending DELETEs at all?
--
####################################
# Ricky Charlet
# (510) 795-6903
# rcharlet@redcreek.com
####################################
end Howdy;
Follow-Ups:
References: